what you don't know can hurt you

Tor Proxy Bypass Via Firefox

Tor Proxy Bypass Via Firefox
Posted May 3, 2012
Authored by Robert Ransom

A user has discovered a severe security bug in Firefox related to websockets bypassing the SOCKS proxy DNS configuration. This means when connecting to a websocket service, your Firefox will query your local DNS resolver, rather than only communicating through its proxy (Tor) as it is configured to do.

tags | advisory, local, bypass
MD5 | 3d0dc16b806e4802155630b7b630bde1

Tor Proxy Bypass Via Firefox

Change Mirror Download
https://blog.torproject.org/blog/firefox-security-bug-proxy-bypass-current-tbbs

"A user has discovered a severe security bug in Firefox related to websockets bypassing the SOCKS proxy DNS configuration. This means when connecting to a websocket service, your Firefox will query your local DNS resolver, rather than only communicating through its proxy (Tor) as it is configured to do. This bug is present in current Tor Browser Bundles (2.2.35-9 on Windows; 2.2.35-10 on MacOS and Linux).

To fix this dns leak/security hole, follow these steps:

Type “about:config” (without the quotes) into the Firefox URL bar. Press Enter.
Type “websocket” (again, without the quotes) into the search bar that appears below "about:config".
Double-click on “network.websocket.enabled”. That line should now show “false” in the ‘Value’ column.

See Tor bug 5741 for more details.
(https://bugs.torproject.org/5741)
We are currently working on new bundles with a better fix."

- http://pastebin.com/xajsbiyh

----------------------------
Anonymous comments:
----------------------------
On May 2nd, 2012 Anonymous said:

Oh dear :(

Does anyone know if IP addresses leaked to Twitter when (through NoScript) I enabled javascript for that site?

If yes, I may be in trouble.
----------------------------
On May 2nd, 2012 Anonymous said:

@anon, AFAIK Twitter does not use web sockets, so even if you enabled Javascript on Twitter it should not be an issue. I could be wrong or there could be other issues.
----------------------------
On May 2nd, 2012 Anonymous said:

Theoretically, an exit node can embed a websocket into your traffic stream if you are using HTTP.
----------------------------
On May 2nd, 2012 Anonymous said:

As long as you weren't doing anything illegal in the United States you should be fine. Tor has never been about hiding illegal activity. And since Twitter is in the US and doesn't respond to foreign court orders… well…
----------------------------
On May 2nd, 2012 Anonymous said:

Ah right, maybe Anonymous "Oh dear" is a fucking communist, or even a dirty whistle blower like Maning! Brave, law abide citizens haven't got anything, that must be hidden, so maybe you want to forbid TOR, Mr. McCarthy?
----------------------------
On May 2nd, 2012 Anonymous said:

Oh great, so all my Pastebins are belong to the Feds?
----------------------------

THE DRAMA CONTINUES...

TBB proxy bypass: Some DNS requests not going through Tor
Ticket #5741 (closed defect: fixed)
https://trac.torproject.org/projects/tor/ticket/5741

"This is not the first time some rarely triggered bug in Firefox causes Tor to be bypassed, and certainly will not be the last one. Since these bugs have a very high security impact I propose they are guarded against. How about running Firefox inside some kind of firewall that drops all network packets not going to Tor?"
----------------------------
Comments:
----------------------------
by mikeperry

Good catch Robert. Disabling about:config pref network.websocket.enabled prevents it from happening for me... I'm now grepping through the Firefox WebSocket code looking for the issue..

----------------------------
by mikeperry

This is fixed and pushed to all TBB branches. I fixed it by blocking all DNS requests while socks_remote_dns is enabled, so we don't end up with this showing up in new components in the future.

Interested folks can review the patch here: https://gitweb.torproject.org/torbrowser.git/blob/maint-2.2:/src/current-patches/firefox/0018-Prevent-WebSocket-DNS-leak.patch
----------------------------
Additional Reference:

[tor-talk] Firefox security bug (proxy-bypass) in current TBBs

Robert Ransom rransom.8774 at gmail.com
Wed May 2 22:43:52 UTC 2012

See https://blog.torproject.org/blog/firefox-security-bug-proxy-bypass-current-tbbs
for the security advisory.

Robert Ransom

https://lists.torproject.org/pipermail/tor-talk/2012-May/024123.html
----------------------------
Another version of TBB, another bug. IMO, they should mark all releases of TBB as ALPHA!

At the time of this bug report collection and passing the news onto others, there have not been any new release of TBB versions to fix this bug on their download pages, but it'll come.

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

June 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    1 Files
  • 2
    Jun 2nd
    2 Files
  • 3
    Jun 3rd
    19 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    15 Files
  • 6
    Jun 6th
    12 Files
  • 7
    Jun 7th
    11 Files
  • 8
    Jun 8th
    1 Files
  • 9
    Jun 9th
    1 Files
  • 10
    Jun 10th
    15 Files
  • 11
    Jun 11th
    15 Files
  • 12
    Jun 12th
    15 Files
  • 13
    Jun 13th
    8 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    2 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    18 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close